How TouchPoints.health uses ISO 27001 certification to enable business growth

“For a healthcare company like ours, trust is everything. Having a partner like IO has been essential in turning compliance from a challenge into an enabler of growth.”

Alex Almoudaris CEO and Founder, TouchPoints.health

Key Takeaways

Learn how TouchPoints.health:

• Achieved ISO 27001 certification in six months
• Used the Assured Results Method to streamline and consolidate compliance
• Embedded compliance in daily workflows and across the organisation
• Ensures ongoing employee information security engagement and awareness with dedicated training.

About TouchPoints.health

TouchPoints.health is a secure, cloud-based practice management platform designed specifically for UK private doctors and clinics. The business enables clinicians to run their entire service from one user-friendly platform with emphasis on human-centred design and security.

Their mission is to transform the private healthcare experience for both doctors and patients by combining usability with robust compliance and security.

The Challenge

TouchPoints.health is built exclusively for clinicians and their patients; as such, sensitive health data is stored within the platform and robust, secure data management practices are crucial. The team knew that ISO 27001 certification was key to building trust in the platform and demonstrating that the business securely manages sensitive data.

“An important priority was demonstrating to clinicians, patients, and partners that our platform is both safe and effective. Trust in how we manage sensitive health data is fundamental to adoption.”

Alex Almoudaris CEO and Founder, TouchPoints.health

Alex and his team managed the organisation’s information security compliance using an array of SharePoint documents, spreadsheets, and internal checklists. While this approach was workable, it was not scalable with company growth.

As part of achieving ISO 27001 certification, the TouchPoints.health team knew that the business needed to scale from disparate policies and procedures to a fully structured, audit-ready information security management system (ISMS) that was clear, dynamic, and embedded into daily operations. To do so, they required a comprehensive, centralised approach to compliance and a solution that would support their ISO 27001 certification journey.

“As a small but growing team, we needed a solution that could guide us through best practice while minimising administrative burden.”

Alex Almoudaris CEO and Founder, TouchPoints.health

The Solution

TouchPoints.health adopted the IO platform to support their ISO 27001 compliance and certification journey, using our 11-step Assured Results Method (ARM) to streamline and support their progress.

“The platform provides a structured pathway with practical guidance, which helped us accelerate our readiness. The [IO platform’s] usability stood out compared to traditional document-heavy systems.”

Alex Almoudaris CEO and Founder, TouchPoints.health

In addition, Alex and his team used the platform’s ISO 27001 framework to support their compliance and certification. The ISO 27001 module comes with policy and control templates that businesses can adapt to their specific industry and requirements, complete with intuitive task management capabilities, a risk bank and an evidence library.

“The pre-mapped ISO 27001 framework, dynamic policies and controls, and collaborative task management were invaluable. The audit-ready evidence library also gave us confidence in preparing for external assessments.”

Alex Almoudaris CEO and Founder, TouchPoints.health

Using the IO platform and pre-loaded ISO 27001 framework, the dedicated TouchPoints.health team accelerated their ISO 27001 certification journey.

The Result

“We estimate IO has saved us at least 30–40% of the time compared with trying to build and maintain our ISMS manually, particularly when it comes to mapping controls and gathering evidence.”

Alex Almoudaris CEO and Founder, TouchPoints.health

Impressively, TouchPoints.health achieved UKAS-accredited ISO 27001 certification in just six months, with zero non-conformities. This is largely due to the commitment of the TouchPoints.health team. Alex described how using IO enabled the team to embed compliance in daily workflows and across the organisation: “Instead of compliance being a side task, it is now part of how we operate.”

“The most valuable element has been the clear framework and guidance that removes ambiguity and the excellent support offered whenever needed. This has accelerated our progress while ensuring we remain aligned with best practice.”

Alex Almoudaris CEO and Founder, TouchPoints.health

Employee information security awareness is vital for ongoing ISO 27001 compliance, as well as specifically within the healthcare sector, which is highly targeted by threat actors. IO’s employee training features were an area where Alex said the platform provided unexpected support:

“An unexpected benefit has been how the platform supports team engagement and training. The structured approach means security is now part of everyday conversations, not just a compliance project.”

Alex Almoudaris CEO and Founder, TouchPoints.health

Alex also praised the support provided by the IO team.

“The team has been a pleasure to work with. They have been supportive, knowledgeable, and responsive. Their expertise in navigating ISO 27001 has been instrumental in helping us move forward with confidence.”

Alex Almoudaris CEO and Founder, TouchPoints.health

What’s Next?

The TouchPoints.health team aren’t resting on their laurels when it comes to compliance, but they do have one key next step to take!

“Our immediate next step is finding a place to hang our certificate!”

Alex Almoudaris CEO and Founder, TouchPoints.health